Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 482142 (CVE-2013-4263) - media-video/ffmpeg : Multiple Vulnerabilities
Summary: media-video/ffmpeg : Multiple Vulnerabilities
Alias: CVE-2013-4263
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2013-08-22 20:17 UTC by Agostino Sarubbo
Modified: 2013-09-12 21:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-08-22 20:17:58 UTC
From ${URL} :


Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) Some errors can be exploited to cause crashes.

2) An error within the "kempf_decode_tile()" function (libavcodec/g2meet.c) can be exploited to cause a crash.

3) An error within the "av_reallocp_array()" function (libavutil/mem.c) can be exploited to cause a NULL pointer dereference.

The vulnerabilities are reported in versions prior to 2.0.1.

Update to version 2.0.1.

Provided and/or discovered by:
Disclosed in the GIT commits.

Original Advisory:

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2013-08-22 20:18:50 UTC
if this affects only the masked version(s), feel free to close as INVALID
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-12 21:12:48 UTC
Appears to only affect 2.x. Closing.